11 October, 2012

You can use Windows Rights Management Services (RMS) to protect SharePoint
documents in the two most recent releases of SharePoint: SharePoint Server 2010
and SharePoint Server 2007 both include RMS support. However, there are some
restrictions and complexities you should be aware of if you plan to set up RMS
with your SharePoint installations.

An important thing to know is that RMS can only encrypt SharePoint documents and
subject them to RMS access control restrictions when they are downloaded from a
SharePoint 2010 or SharePoint 2007 document library. RMS doesn't leave
SharePoint documents encrypted while they're stored on the SharePoint server.
This restriction exists so that SharePoint can index and scan the documents on
a SharePoint storage provider. RMS applies its restrictions to a document only
right before it's downloaded to a client computer. Similarly, when an
RMS-protected document is uploaded to a SharePoint site, RMS removes all
protection from the document until a new download request is received.

SharePoint-RMS integration ensures that security restrictions are enforced even
after a document has left a SharePoint server, which is something that can't be
achieved using the standard SharePoint permissions. SharePoint-RMS integration
also automatically enforces an organization's RMS document security policies. A
SharePoint administrator can centrally define different RMS policies for the
document libraries hosted on a SharePoint server. Therefore, individual users
don't have to decide what protection they need to apply to documents they post
in SharePoint libraries. RMS permissions are defined at the SharePoint document
library level: documents in a library automatically inherit the library's RMS
permissions. This protection applies to both existing and new documents in the
SharePoint library.

The RMS protection of SharePoint data is, just like the RMS protection that's
bundled with Windows and Microsoft Office, only possible for certain file
formats. Out of the box, it supports Word, Excel, PowerPoint, InfoPath, and XPS
files. Extensions to apply RMS protection to other file formats (e.g., .pdf,
.cad) can be added through special software from Microsoft partners such as
Liquid Machines (now part of Check Point Software Technologies) and GigaTrust.

RMS support for SharePoint can be set up using either RMS SP2 or RMS V2, which
is bundled with Windows Server 2008. Provided you already have a functioning RMS
infrastructure, enabling RMS protection in SharePoint is relatively
straightforward. The main configuration actions are:

enabling RMS support on the SharePoint server

setting the actual RMS restrictions in the configuration of a given document
library

You can enable RMS support in SharePoint by selecting either the "Use the
default RMS server specified in Active Directory" or the "Use this RMS server"
option in the Information Rights Management section of the SharePoint Central
Administration\Operations configuration section.

To set RMS restrictions on a SharePoint document library, you must use the
Information Rights Management section in the Permissions and Management
configuration section of the document library. When you select the "Restrict
permission to documents in this library on download" check box, you can
further refine the RMS protection as follows:

Allow users to print documents.

Require users to verify their credentials every x days. This setting can be
useful when someone who has access to RMS-protected confidential data
leaves your organization; the individual will retain access to the data
only for x days after his or her last successful authentication to an RMS
server.

Reject files that don't support Microsoft Information Rights Management (IRM).
Selecting this option results in SharePoint rejecting the upload of
document formats that don't support RMS.

Remove RMS protection on a particular date. This setting is useful for
publishing company financial results, for instance. After the quarterly
results are published, the RMS protection policy on the quarterly results
SharePoint library automatically changes, meaning that the RMS restrictions
are removed.
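
An added example, not part of the original post: a read-only audit, run from the SharePoint 2010 Management Shell on a farm server, that reports the farm-level RMS setting and the IRM flags of every visible document library in one site collection, so that libraries left without protection stand out. The site URL is a placeholder and the report column names are chosen for this example.

```powershell
# Added example: read-only audit of IRM settings (SharePoint 2010 Management Shell).
# $SiteUrl is a placeholder; pass the URL of your own site collection.
param([string]$SiteUrl = "http://sharepoint.example.local")

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Farm-level setting: the Information Rights Management page in Central Administration.
$irm = [Microsoft.SharePoint.Administration.SPWebService]::ContentService.IrmSettings
"Farm IRM enabled      : {0}" -f $irm.IrmRMSEnabled
"Use AD default server : {0}" -f $irm.IrmRMSUseAD
"Explicit RMS server   : {0}" -f $irm.IrmRMSCertServer

# Library-level settings: walk every web in the site collection.
$site = Get-SPSite $SiteUrl
try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            foreach ($list in $web.Lists) {
                # Only visible document libraries are of interest here.
                if ($list.BaseType -ne [Microsoft.SharePoint.SPBaseType]::DocumentLibrary) { continue }
                if ($list.Hidden) { continue }
                New-Object PSObject -Property @{
                    Web           = $web.Url
                    Library       = $list.Title
                    IrmEnabled    = $list.IrmEnabled   # restrict permission on download
                    RejectNonIrm  = $list.IrmReject    # reject formats without IRM support
                    ExpiryEnabled = $list.IrmExpire    # IRM expiration flag for the library
                }
            }
        } finally {
            $web.Dispose()   # SPWeb objects from AllWebs must be disposed
        }
    }
} finally {
    $site.Dispose()
}

# Unprotected libraries sort first ($false before $true).
$report | Sort-Object IrmEnabled, Web, Library |
    Format-Table Web, Library, IrmEnabled, RejectNonIrm, ExpiryEnabled -AutoSize
```

The script changes nothing; a library showing IrmEnabled as False serves its documents without RMS restrictions on download, whatever the farm-level setting says.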

08 October, 2012

Today one of my clients reported an issue while browsing some of the
SharePoint sites using Designer. Accessing sites using SharePoint gives the
error messages below.

Error: Spdesign.exe has been denied access to

Clicking OK produces another error message, as below.

Error: There is no
server on port 443 at . You have selected the Connect using
SSL Option. This connections problem may indicate that the server does not
support Secure Socket Layer (SSL) communications, or that it uses SSL
communications on a different port number.

I was clueless about the issue at the start, since the sites
were browsable using the https://….. protocol. So I started the troubleshooting
based on troubleshooting related to the NIC card, a suspected VPN connection
problem, and the SSL port being disabled (prompting for calls to the server on
port 443) by the Windows firewall.

I tried to compare the SPD versions on the different machines
where it was working and not working, and didn't find any issue.

Contributor Settings is not a security feature. Contributor mode is a limited
access mode for users who open and edit SharePoint sites in Office SharePoint
Designer 2007. Contributor mode is designed to be used in an environment where
site managers are confident of their users’ intentions. Contributor mode helps
to guide users in a particular direction to carry out their tasks, and this
guidance prevents accidental changes to the Web site.